The nature and accuracy of the counting process underpins the value of a CVE Entry. Correct counting reduces the likelihood of duplicate CVE IDs being assigned to a single vulnerability. Also, some reports of vulnerabilities may confuse or conflate multiple, separate software problems, and the counting process helps to differentiate between those vulnerabilities that are unique. Decision trees are included.

There are many places where the CVE ID assignment process can break down. Since mistakes are inevitable, processes to correct them are necessary. This document describes different scenarios wherein the CVE ID assignment goes awry, and the corresponding resolution process.

Each CVE Entry includes appropriate references. Each reference used in CVE (1) identifies the source, (2) includes a well-defined identifier to facilitate searching on a source's website, and (3) notes the associated CVE Entry. CVE also includes a Reference Maps page with links to documents from the commonly used information sources that are used as references for CVE Entries.

CVE Request Web Form Documentation

This presentation provides an overview of how to use the CVE Request web form, which is used to request CVE IDs from the Primary CNA, request an update to an existing CVE entry, provide notification about a vulnerability publication, or submit comments.

A brief overview of information and tips for using each of the CVE Request web forms: Request a CVE ID; Request a block of IDs (for CNAs only); Notify CVE about a publication; Request an update to an existing CVE; and Other.

Provides detailed information for prospective CNAs about the following: Conceptual Basis of CVE; Design and Operational Choices for CVE – CVEs Purposely Provide Minimal Information About a Vulnerability, The CVE List is a Simple List, CVE Only Publishes Already-Disclosed Vulnerabilities, and The Anatomy of a CVE Entry - Example; CVE and the National Vulnerability Database (NVD); CVE and CNAs – Sources of Vulnerability Information, Benefits of Early CVE ID Assignment, Roles and Responsibilities of a CVE CNA - High Level View, and Benefits of Operating as a CNA; and Special Considerations for Prospective CNAs – Requirements for Assigning a CVE ID and Challenges When Assigning CVE IDs; More Information; Acronyms; and References. Version 1.0 – September 29, 2017

Provides information on how to reserve a CVE ID before publicizing a new vulnerability so that CVE ID can be included in the initial public announcement of the vulnerability and can be used to track the vulnerability. Version 0.1 – August 29, 2016

CVE Board Documents

This document provides information about the CVE Board and how it functions, including Board structure, membership, and operations. A member nomination form is also included. Version 2.5 – January 11, 2018

This white paper introducing the CVE concept was presented at the 2nd Workshop on Research with Security Vulnerability Databases, Purdue University, West Lafayette, Indiana, USA. January 21-22, 1999 by MITRE's David Mann and Steve Christey. A postscript version is also available.